Admins of WordPress websites warned against SEO plug-in flaw

June 3, 2014 2:09 am

Researchers from web security firm Sucuri have said administrators of many WordPress websites need to upgrade a popular search engine optimisation (SEO) plug-in to a newly released version to avoid the risk of compromise, PC World has reported. The two flaws were found in a plug-in called “All in One SEO Pack” that potentially allow attackers with access to non-administrative WordPress accounts to elevate their privileges and inject malicious code into the administration panel. “If your site has subscribers, authors and non-admin users logging in to wp-admin, you are a risk,” the Sucuri researchers said in a blog post. “If you have open registration, you are at risk, so you have to update the plugin now.”